[exim] cyrus sasl authentication problems

Author: Ross Boylan
Date:  
To: exim-users
CC: ross
Subject: [exim] cyrus sasl authentication problems
I have been trying to authenticate using the same account database as my
Cyrus IMAP server. I can't even seem to get very useful debugging
output. I would appreciate any help.

Following suggestions earlier on this list, I ran (as root)
exim -d -oX 198.144.201.14.27 -bd 2>&1
and ran swaks on the client.

The terminal running exim shows a lot of information (see below), but
absolutely nothing when I try to connect to it. The client clearly
shows a session initiated and challenge and failed response. When I
upped the sasl log level to 5 my authentication log on the server
showed
exim4: no secret in database

I am puzzled that I can't get more diagnostics out of the server. Any
suggestions?

Also, obviously, I would like to get this working! I have verified that
the user/password combination works for the IMAP server.

Everything is TLS encrypted.

Details:
Running on GNU Linux 2.6.18
exim4-daemon-heavy                    4.68-2
libsasl2-modules                      2.1.22.dfsg1-16
I ran in an emacs shell inside of screen, connected via ssh.
I tried running outside of emacs (still inside screen) with the same
results.


-------------- exim config -------------------------

cram_md5_sasl_server:
driver = cyrus_sasl
public_name = CRAM-MD5
server_realm = betterworld.us
server_set_id = $auth1

-------------/usr/lib/sasl2/exim.conf------------------------

mech_list: PLAIN DIGEST-MD5 CRAM-MD5
allowapop: no
minimum_layer: 0
pwcheck_method: auxprop
auxprop_plugin: sasldb
auto_transition: no
log_level: 50

# I later added
sasldb_path: /etc/sasldb2
# but it didn't help
--------------------------- misc -------------------------------

-rw-rw---- 1 root sasl 49152 2006-07-20 22:31 /etc/sasldb2
exim runs under Debian-exim, which is a member of the sasl group

------------ terminal session on server -----------------
# date; exim -d -oX 198.144.201.14.27 -bd 2>&1
Thu Jan 10 14:30:50 PST 2008
Exim version 4.68 uid=0 gid=0 pid=4186 D=fbb95cfd
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=4186
auxiliary group list: <none>
seeking password data for user "uucp": cache not available
getpwnam() succeeded uid=10 gid=10
seeking password data for user "cyrus": cache not available
getpwnam() succeeded uid=112 gid=8
configuration file is /var/lib/exim4/config.autogenerated
log selectors = 00000ffc 00612001
cwd=/var/log/exim4 5 args: exim -d -oX 198.144.201.14.27 -bd
trusted user
admin user
seeking password data for user "mail": cache not available
getpwnam() succeeded uid=8 gid=8
seeking password data for user "cyrus": cache not available
getpwnam() succeeded uid=112 gid=8
Cyrus SASL knows about: CRAM-MD5
Cyrus SASL driver cram_md5_sasl_server: CRAM-MD5 initialised
user name "root" extracted from gecos field "root"
originator: uid=0 gid=0 login=root name=root
4186 local_interfaces overridden by -oX:
4186 <: 198.144.201.14.27
4186 listening on 198.144.201.14 port 27
4186 changed uid/gid: running as a daemon
4186 uid=103 gid=103 pid=4186
4186 auxiliary group list: 45 103
4186 LOG: MAIN
4186 exim 4.68 daemon started: pid=4186, no queue runs, listening for
SMTP on [198.144.201.14]:27
4186 set_process_info: 4186 daemon: no queue runs, listening for SMTP
on [198.144.201.14]:27
4186 daemon running with uid=103 gid=103 euid=103 egid=103
4186 Listening...
# everything above here preceded client connection
# and nothing more appears after that.

other logs show
2008-01-10 14:31:13 cram_md5_sasl_server authenticator failed for
x.y.z.mindspring.com (localhost) [69.999.999.999]: 535 Incorrect
authentication data
# client identity manually obscured in preceding line